Policy on the security and management of data privacy data

The Crédit Mutuel Alliance Fédérale is focused on using technology to improve human relationships and to reward the trust placed in us by customers. By using both a digital and physical approach to the customer relationship, CIC seeks to offer timely and relevant solutions and services to its customers. Knowledge of customers' personal data is a necessary condition of offering relevant products and services. This data, collected by the bank or provided by the customer, forms the basis of mutual trust, and must first and foremost be used to fulfil the bank's purpose: delivering the best possible service to the customer. The use of this data may raise questions. The personal data collected throughout the relationship must be used in a secure, appropriate, controlled and responsible manner. Against this background of shared needs, CIC has adopted a Charter on the use of its customers' personal data.

Transparency: communicating on the processing of your data

We collect and process your personal data fairly and transparently. Providing you with transparent information on the actions we have taken in processing your personal data is a priority for us, and we are committed to keeping your informed about our use of that data in a clear and precise manner.

Security: ensuring the protection and integrity of your data

Because the confidentiality and integrity of your personal data are essential elements in maintaining your trust, we ensure that it is kept safe.

We have therefore put in place procedures for checking and certifying our tools, which are designed to protect all your data against misuse. As information security is at the heart of our business activity, our teams of specialists are continually working to provide the maximum possible level of protection for your data, in all our business branches.

Ethics: using your data in your best interests

The personal information we hold is used to provide you with the most relevant services and advice. This information is confidential and is in no circumstances sold to third-party businesses. If any personal data is transferred to service providers outside the Group, such transfers are always carried out pursuant to a strictly defined framework, for a limited period and with trusted suppliers.

Control : allowing you to retain control over your data

Your banker is the first point of call for any checks you wish to make on your data. You have the right to access your personal data and to object to it being processed in certain circumstances. When you view our websites, full information on our cookie policy is provided to you. Enhanced protection is afforded to data concerning health, collected when taking out insurance policies.

We are committed to furthering our work in this area and will soon provide more personal information in your personal space. You can access that space at any time and request that it be updated, where necessary.

Glossary

Personal data - article 4 of the European General Data Protection Regulation: "Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

Information system (IS): "An information system (IS) is an organised collection of resources that enables information to be collected, stored, processed and distributed, generally through the use of a computer."

IS User: "IS Users are those persons who benefit from the resources of, and have the necessary authorisation to access, the Information System."